Providing secure communication and/or sharing of personal data via a broadband gateway

ABSTRACT

A broadband gateway may manage confidential data associated with users in a home network managed and/or serviced by the broadband gateway. The broadband gateway may store the user confidential data broadband gateway in a distributed manner, wherein the confidential data may be divided into a plurality of portions and stored separately in multiple storage locations or devices. When users authorize the transfer of the confidential data, all portions may be communicated to enable aggregating them such that the confidential data may be obtained. The user confidential data may be encrypted. The broadband gateway may securely communicate and/or share the user confidential user data. This may be achieved by tracking communication of the user confidential data, by using tags incorporated into the data. The broadband gateway may also ensure that communicated confidential data is rendered unusable under certain conditions, based on use for various timing tags for example.

CROSS REFERENCE TO RELATED APPLICATIONS

This application is a continuation of U.S. application Ser. No.12/982,501, filed Dec. 30, 2010, which claimed priority to U.S.Provisional Application No. 61/351,696 filed on Jun. 4, 2010, and theentire contents of both are hereby information by reference in theirentirety.

This application also makes reference to:

U.S. application Ser. No. 12/355,377 filed on Jan. 16, 2009;

U.S. application Ser. No. 12/355,413 filed on Jan. 16, 2009;

U.S. application Ser. No. 12/355,480 filed on Jan. 16, 2009;

U.S. application Ser. No. 12/395,383 filed on Feb. 27, 2009;

U.S. application Ser. No. 12/982,321 filed on Dec. 30, 2010;

U.S. application Ser. No. 12/982,355 filed on Dec. 30, 2010;

U.S. application Ser. No. 12/981,971 filed on Dec. 30, 2010;

U.S. application Ser. No. 12/981,933 filed on Dec. 30, 2010;

U.S. application Ser. No. 12/982,216 filed on Dec. 30, 2010;

U.S. application Ser. No. 12/982,433 filed on Dec. 30, 2010;

U.S. application Ser. No. 12/982,205 filed on Dec. 30, 2010;

U.S. application Ser. No. 12/982,353 filed on Dec. 30, 2010;

U.S. application Ser. No. 12/981,966 filed on Dec. 30, 2010;

U.S. application Ser. No. 12/982,453 filed on Dec. 30, 2010;

U.S. application Ser. No. 12/982,172 filed on Dec. 30, 2010;

U.S. application Ser. No. 12/982,429 filed on Dec. 30, 2010;

U.S. application Ser. No. 12/981,990 filed on Dec. 30, 2010;

U.S. application Ser. No. 12/982,442 filed on Dec. 30, 2010;

U.S. application Ser. No. 12/982,000 filed on Dec. 30, 2010;

U.S. application Ser. No. 12/982,010 filed on Dec. 30, 2010;

U.S. application Ser. No. 12/982,022 filed on Dec. 30, 2010;

U.S. application Ser. No. 12/981,986 filed on Dec. 30, 2010;

U.S. application Ser. No. 12/982,236 filed on Dec. 30, 2010;

U.S. application Ser. No. 12/982,091 filed on Dec. 30, 2010;

U.S. application Ser. No. 12/982,213 filed on Dec. 30, 2010;

U.S. application Ser. No. 12/982,166 filed on Dec. 30, 2010;

U.S. application Ser. No. 12/982,340 filed on Dec. 30, 2010;

U.S. application Ser. No. 12/982,073 filed on Dec. 30, 2010;

U.S. application Ser. No. 12/982,206 filed on Dec. 30, 2010;

U.S. application Ser. No. 12/982,440 filed on Dec. 30, 2010;

U.S. application Ser. No. 12/982,171 filed on Dec. 30, 2010;

U.S. application Ser. No. 12/982,223 filed on Dec. 30, 2010;

U.S. application Ser. No. 12/982,305 filed on Dec. 30, 2010;

U.S. application Ser. No. 12/982,477 filed on Dec. 30, 2010;

U.S. application Ser. No. 12/982,331 filed on Dec. 30, 2010;

U.S. application Ser. No. 12/982,036 filed on Dec. 30, 2010;

U.S. application Ser. No. 12/982,196 filed on Dec. 30, 2010;

U.S. application Ser. No. 12/982,391 filed on Dec. 30, 2010;

U.S. application Ser. No. 12/982,405 filed on Dec. 30, 2010;

U.S. application Ser. No. 12/981,753 filed on Dec. 30, 2010;

U.S. application Ser. No. 12/982,414 filed on Dec. 30, 2010; and

U.S. application Ser. No. 12/981,733 filed on Dec. 30, 2010.

FEDERALLY SPONSORED RESEARCH OR DEVELOPMENT

[Not Applicable].

MICROFICHE/COPYRIGHT REFERENCE

[Not Applicable].

FIELD OF THE INVENTION

Certain embodiments of the invention relate to communication. Morespecifically, certain embodiments of the invention relate to a methodand system for providing secure communication and/or sharing of personaldata via a broadband gateway.

BACKGROUND OF THE INVENTION

With the continuous growth of digital television or broadcastmultimedia, and/or broadband access, which may be used in conjunctionwith online businesses, social networks, and/or other online servicesand applications, users may desire having access to a larger number ofproviders and/or a broader range of content in a manner that is flexibleand/or suits the users' lifestyles. Most users connect to the Internetusing web browsers running on personal computers (PCs) and/or mobiledevices such as Smartphones. Furthermore, most households may have oneor more televisions that may be used to view television broadcastsand/or multimedia content. Television broadcasts may include terrestrialTV, Cable-Television (CATV), satellite TV and/or Internet Protocoltelevision (IPTV) based broadcasts. To protect against unauthorizedreception and/or use of multimedia content, service providers mayrequire use of dedicated set-top boxes (STBs) that may be used toencrypt broadcast signals communicated from the service providers togenerate suitable video and/or audio streams that may be played viatelevisions and/or other display/playback devices in the household.

Further limitations and disadvantages of conventional and traditionalapproaches will become apparent to one of skill in the art, throughcomparison of such systems with some aspects of the present invention asset forth in the remainder of the present application with reference tothe drawings.

BRIEF SUMMARY OF THE INVENTION

A system and/or method is provided for providing secure communicationand/or sharing of personal data via a broadband gateway, substantiallyas shown in and/or described in connection with at least one of thefigures, as set forth more completely in the claims.

These and other advantages, aspects and novel features of the presentinvention, as well as details of an illustrated embodiment thereof, willbe more fully understood from the following description and drawings.

BRIEF DESCRIPTION OF SEVERAL VIEWS OF THE DRAWINGS

FIG. 1 is a block diagram illustrating an exemplary communication systemthat comprises a home network serviced by a broadband gateway, inaccordance with an embodiment of the invention.

FIG. 2 is a block diagram illustrating an exemplary broadband gateway,in accordance with an embodiment of the invention.

FIG. 3A is a block diagram illustrating an exemplary tracking basedsecure communication of user confidential data via a broadband gateway,in accordance with an embodiment of the invention.

FIG. 3B is a block diagram illustrating an exemplary distributed storageand secure communication of user confidential data via a broadbandgateway, in accordance with an embodiment of the invention.

FIG. 4A is a flow chart that illustrates exemplary steps for utilizing abroadband gateway to provide secure storage of user confidential data,in accordance with an embodiment of the invention.

FIG. 4B is a flow chart that illustrates exemplary steps for utilizing abroadband gateway to provide secure communication and/or sharing of userconfidential data, in accordance with an embodiment of the invention.

DETAILED DESCRIPTION OF THE INVENTION

Certain embodiments of the invention may be found in a method and systemfor providing secure communication and/or sharing of personal data via abroadband gateway. In various embodiments of the invention, a broadbandgateway, which may be communicatively coupled to a plurality of devicesin a home network, and/or which may be operable to handle one or morephysical layer connections to corresponding one or more network accessservice providers, may be utilized to manage confidential dataassociated with a user serviced by the broadband gateway, to protect theuser confidential data against unauthorized access and/or reception. Theuser confidential data may comprise, for example, financial ortransactional related information, and/or healthcare relatedinformation. Management of user confidential data may compriseencrypting the confidential data, using one or more encryptionalgorithms and/or protocols. The broadband gateway may providedecryption information corresponding to applied encryption algorithms,such as when a request for the user confidential data is received andauthorized by the corresponding user. Management of user confidentialdata may also comprise securing communication of the user confidentialdata during the management of the user confidential data. In thisregard, communication of the user confidential data may be secured bytracking the communicated user confidential data, by incorporating tagsinto one or more network packets utilized during that communication. Thetags may require alerting the user and/or acknowledgment by the user ininstances when one or more of the network packets are received and/orwhen the user confidential data is accessed during the securecommunication.

Secure communication of user confidential data may also compriseincorporating one or more access control parameters into the networkpackets utilized in carrying the user confidential data, to enablerendering the communicated user confidential data and/or the networkpackets unusable when one or more conditions are met based on theincorporated access control parameters. In this regard, the communicateduser confidential data, and/or the network packets, may be renderedunusable by means of deletion, decimation, corruption, and/or by makingthem inaccessible. For example, the access control parameters maycomprise various timing parameters that may require deleting,decimating, corruption, and/or rendering the data inaccessible aftercertain duration. The broadband gateway may utilize distributing storageof the user confidential data during management of the user confidentialdata. In this regard, the distributed storage of user confidential datamay comprise dividing the user confidential data into a plurality ofportions, and storing the plurality of portions in a plurality ofstorage devices. The distributed storage may be utilized to facilitatesecure communication of the user confidential data, by separatelycommunicating each of the plurality of portions of the divided userconfidential data from the plurality of storage devices or resourceswhen the user confidential data is requested, only if authorized by theuser. Accordingly, a recipient may obtain the user confidential data byaggregating the communicated plurality of portions.

FIG. 1 is a block diagram illustrating an exemplary communication systemthat comprises a home network serviced by a broadband gateway, inaccordance with an embodiment of the invention. Referring to FIG. 1,there is shown a home network 100 a, a plurality of distributionnetworks 110, a plurality of service providers 120 a-120 m, and aplurality of content providers 130 a-130 k. The home network 100 a maybe serviced by a broadband gateway 102. Also shown in FIG. 1 areadditional home networks 100 b, . . . , 100 n, and an emergency servicesprovider network 150. Each of the home networks 100 b, . . . , 100 n mayalso be serviced by a broadband gateway 102.

The service providers 120 a-120 m may comprise various entities whichmay provide various services to broadband gateways 102 and/or to devicesserviced by the broadband gateways 102, such as the plurality of homedevices 104 a-104 j. Some of the service providers 120 a-120 m maycomprise network access service providers which provide physical layerconnections to the broadband gateway 102. Such physical layerconnections may then be utilized to access content provided by thecontent providers 130 a-130 k, access services provided by other ones ofthe service providers 120 a-120 m, and/or access an intranet or theInternet at-large. In this regard, “network access service provider” asutilized herein, is distinguished from the more generic term “serviceprovider” which may encompass services other than providing physicallayer access to a network. Cable television providers, plain oldtelephone service (POTS) providers, digital subscriber line (DSL)providers, cellular providers, WiMAX providers, and satellite providersare examples of network access service providers. In an exemplaryembodiment of the invention, the broadband gateway 102 may enableconnecting to multiple service providers 120 a-120 m to facilitatereceiving content originating from one or more of the content providers130 a-130 k.

The content providers 130 a-130 k may comprise various entities and/ornetworks which may generate, capture, and/or package content that may bedistributed to end-users (i.e. “subscribers”), via the service providers120 a-120 m and/or the distribution networks 110. In this regard,content may comprise audio, video, multimedia, e-book, gaming, and/orother content. Exemplary content providers may comprise commercialproviders of multimedia content, such as major film or televisionproduction and/or distribution companies (e.g. Paramount Pictures orWarner Bros.), and/or providers of personal content (e.g. user-generatedcontent). In some instances, as demonstrated by dashed line 140, contentand service providers may be merged as singular entities that mayprovide both content and network access servicing, which may be used todelivering the offered content. The content may be, for example,downloadable and/or streaming, rented and/or purchased. Contentoriginating from the content providers 130 a-130 k may be distributed tothe end-users (e.g. consumers) by the service providers 120 a-120 m. Insome instances, content providers 120 a-120 m and service providers 120a-120 m may be separate entities. In some instances, however, a singleprovider may provide both content and services, as demonstrated bydashed line 140 for example. That is, an entity that functions as anetwork access service provider may also provide content and/or servicesother than network access and, thus, that entity may also be accuratelyreferred to as a “content provider” and/or a “service provider.” Thecontent and/or services that are provided by the content provider and/orthe service provider may be provided to the broadband gateways 102 viaone or more physical connections provided by a network access serviceprovider.

The plurality of distribution networks 110 may comprise one or morenetworks that may be operable to enable wireless and/or wiredcommunication among a plurality of local and/or remote entities, basedon one or more networking and/or communication infrastructures. In thisregard, the plurality of distribution network 110 may be utilized toenable distributing multimedia content generated by the contentproviders 130 a-130 k, directly and/or via the service providers 120a-120 m, to end-users. The network connectivity available via theplurality of distribution networks 110 may be based on one or morecommunication standards and/or protocols. The plurality of distributionnetworks 110 may comprise, for example, Internet 110 a, the CableTelevision (CATV) network 110 b, Satellite Television (TV) network 110c, wireless local network area/wide network area (LAN/WAN) 110 d, and/orcellular network 110 e.

The Internet 110 a may comprise a system of interconnected networks toenable exchange of data among a plurality of nodes, based on one or morenetworking standards, including, for example, the Internet Protocol(IP). The Internet 110 a may enable connectivity among a plurality ofprivate and public, academic, business, and/or government nodes and/ornetworks. The physical connectivity in the Internet 110 a may beprovided via, for example, the Public Switched Telephone Network (PSTN),copper wires, fiber-optic cables, wireless interfaces, and/or otherprotocols and/or standards-based interfaces. The transport functionalityin the Internet 110 a may be performed based on, for example, one ormore transport protocols, such as the Transmission Control Protocol/IP(TCP/IP), for example. The CATV network 110 b may comprise suitabledistribution nodes, systems, and/or subnetworks that may enableforwarding of communication between CATV providers and a plurality ofcable-TV consumers. For example, the CATV network 110 b may comprise anetwork of fiber optics and/or coaxial cables for use in CATVbroadcasts. The satellite TV network 110 c may comprise suitabledistribution nodes, systems, and/or subnetworks that may enablecommunication of satellite TV broadcast by satellite TV providers to aplurality of consumers. For example, the satellite network 110 c maycomprise a plurality of orbiting satellite nodes and/or one or moreterrestrial centers in a satellite-TV system.

The LAN/WAN network 110 d may comprise suitable logic, circuitry,interfaces, and/or code that may be operable to enable implementation ofone or more wired and/or wireless LAN or WAN standards and/or protocols.Exemplary WAN technologies comprise, for example, WiMAX-based networks.Exemplary LAN technologies may comprise, for example, those based onIEEE 802.11 standards, including, for example, WiFi-based networks. Thecellular network 110 e may comprise suitable logic, circuitry,interfaces and/or code that may be operable to enable communication viaone or more cellular technologies. Exemplary cellular technologies maycomprise Code Division Multiple Access (CDMA), wideband CDMA (WCDMA),CDMA1000, High-Speed Downlink Packet Access (HSDPA), Global System forMobile Communications (GSM), General Packet Radio Services (GPRS),Enhanced Data Rates for Global Evolution (EDGE), and/or Universal MobileTelecommunication System (UMTS). The cellular network 110 e maycomprise, for example, a plurality of control and/or switching nodes,and a plurality of base stations that enable transmission and/orreception of cellular based communications between the cellular network110 e and cellular capable devices.

Each of the home networks 100 a-100 n may correspond to a location thatmay comprise a plurality of devices, such as a plurality of home devices104 a-104 j in the home network 100 a, which may be serviced and/ormanaged by an instance of the broadband gateway 102. In this regard, thelocation may be a residence (e.g., home, apartment), a small business, aschool, a library, and/or other like settings in which users may want toobtain access to service and/or to content provider networks. Thebroadband gateway 102 may be utilized in a home network, such as thehome network 100 a, to provide connectivity between the home network andone or more of the service providers 120 a-120 m (and/or one or more ofthe content providers 130 a-130 k) via the distribution networks 110.

The broadband gateway 102 may comprise suitable logic, circuitry,interfaces, and/or code that may be operable to implement variousaspects of the invention. In this regard, the broadband gateway 102 maybe operable to communicate with the content providers 130 a-130 k, theservice providers 120 a-120 m, and the plurality of home devices 104a-104 j. In this manner, the broadband gateway 102 may enablebidirectional communication of content and/or other information betweenthe content providers 130 a-130 k, the service providers 120 a-120 m andthe devices 104 a-104 j. Communications between the broadband gateway102 and service providers 120 a-120 m (and/or the content providers 130a-130 k) may be carried over optical, wired, and/or wireless links ofthe distribution network(s) 110. Similarly, Communications between thebroadband gateway 102 and the devices 104 a-104 j may be carried overoptical, wired, and/or wireless links. In an exemplary aspect of theinvention, a single broadband gateway 102 may be operable to handlemultiple physical layer (i.e., layer 1 of the open-systemsinterconnection model (OSI)) connections 108 to multiple ones, orportions, of the distribution network(s) 110, where different ones orportions of the distribution network(s) 110 may be owned, operated,leased, or otherwise associated with different ones of the networkaccess service providers 120 a-120 m. For example, a first networkaccess service provider may provide network access to the broadbandgateway 102 via a DSL connection over twisted-pair cabling, and a secondnetwork access service provider may provide network access to thebroadband gateway 102 via a cable television connection over coaxialcabling. In some instances, the broadband gateway 102 may be operable toconcurrently communicate over the multiple physical layer connectionsprovided by the multiple network access service providers.

The broadband gateway 102 may operate as an interface device that mayallow one or more service and/or content providers to interact withvarious devices in the home network. In this regard, the broadbandgateway 102 may be operable to perform and/or provide various servicesthat may pertain to enabling and/or facilitating reception of contentfrom one or more content providers 130 a-130 k, wherein the content maybe delivered through one or more services providers 120 a-120 m. Forexample, the broadband gateway 102 may be operable to perform suchoperations as network access related processing (e.g. PHY/MAC, and/ortransport layer processing), encryption and/or decryption, user and/oraccount authentication, and/or at least some of video and/or audioprocessing operations which may be necessary for consumption ofmultimedia content.

The broadband gateway 102 may communicate with various devices in thehome networks using optical, wired and/or wireless communication links.Devices serviced by, and/or connected with the broadband gateway 102 maycomprise content consuming devices and/or other, non-content consuminghousehold or home devices that may be operable to interact with thebroadband gateway 102. For example, the broadband gateway 102 mayservice, and/or may communicate with the plurality of home devices 104a-104 j in the home network 100 a. The home devices may comprise, forexample, one or more of a television 104 a, a laptop computer 104 b, asmoke detector, a carbon monoxide detector, and/or a security alarm 104c, a computer and/or server 104 d, a mobile phone 104 e, a speaker 104f, an AM/FM radio 104 g, an appliance 104 h (e.g., refrigerator), aphone 104 i, and a digital video recorder (DVR) or personal videorecorder (PVR) 104 j. The broadband gateway 102 may interact with eachof the home devices 104 a-104 j via corresponding links 106 a-106 j,which may be supported by the broadband gateway 102 and thecorresponding home device. For example, the link 106 a between thebroadband gateway 102 and the television 104 a may comprise aHigh-Definition Multimedia Interface (HDMI) cable. The link 106 b maycomprise, for example, a wired Ethernet link, a wireless Ethernet link,a Universal Serial Bus (USB) link, or an IEEE 1394 link. The link 106 cmay comprise, for example, a two-wire link or a wireless link. The link106 d may comprise, for example, a wired Ethernet link, a wirelessEthernet link, a USB link, or an IEEE 1394 link. The link 106 e maycomprise, for example, a wireless Ethernet link, a USB link, or acellular link. The link 106 f may comprise speaker wire and/or awireless link. The link 106 g may comprise, for example, AM and/or FMradio transmissions broadcast received using the broadband gateway 102.The link 106 h may comprise, for example, a wired or wireless link. Thelink 106 i may comprise, for example, a phone line. The link 106 j maycomprise, for example, a wired or a wireless link.

The broadband gateway 102 may also be operable to provide and/or supportvarious other, non-content related services in the home network 100 a.The broadband gateway 102 may provide, for example, emergency-relatedservices in the home network 100 a. For example, the emergency servicesprovider network 150 may be connected to the distribution networks 110via a link 112. The emergency services provider network 150 may beassociated with one or more emergency service provider entities. Forexample, a public entity such as a 911 center and/or a private entitysuch as a security company may be able to interact with the broadbandgateway 102 in the home network 100 a via the distribution networks 110.

While the broadband gateway 102 is shown in FIG. 1 as a single andseparate device, the invention need not be so limited. In one embodimentof the invention, the broadband gateway functionality may be implementedin a distributed manner over two or more devices. Furthermore, thebroadband gateway may be implemented as a virtual platform, for examplein instances where it may be implemented in distributed manner. Inanother embodiment of the invention, some or all of the functionality ofthe broadband gateway may be implemented within one of the televisionsavailable in the home.

As illustrated in FIG. 1, a plurality of home networks 100 b, . . . ,100 n, may also be connected to the distribution networks 110. Thesehome networks 100 b, . . . , 100 n may operate in substantially the samemanner as the home network 100 a. By having multiple home networksconnected to the distribution networks 110, various applications, suchas peer-to-peer communication and/or data aggregation operations may bepossible by utilizing the broadband gateways 102 in the home networks.

In operation, the broadband gateway 102 may be utilized as an interfacedevice that may allow one or more service providers 120 a-120 m, contentproviders 130 a-130 k, and/or emergency service provider networks 150 tointeract with various devices in a home network, such as in the homenetwork 100 a. In this regard, the broadband gateway 102 may supportconfiguring and/or using the plurality of broadband connections 108. Thebroadband connections 108 may comprise optical, wired and/or wirelessconnections between the broadband gateway 102 and the distributionnetworks 110, to enable communication between the broadband gateway 102and the service providers 120 a-120 m, content providers 130 a-130 k,and/or emergency service provider networks 150 for example. Thebroadband gateway 102 may be operable to perform and/or provide variousservices that may pertain to enabling and/or facilitating reception ofdata, such as multimedia content, for example, from one or more contentproviders, wherein the content may be delivered through one or moreservices providers. The broadband gateway 102 may distribute thereceived content to one or more devices in a home network, forconsumption, and/or may perform, directly and/or indirectly using otherdevices, any processing and/or operations (e.g., decryption and/oraccount validation) that may be needed to ensure that the content may beconsumed by the target home device(s).

The broadband gateway 102 may also provide and/or support various otherservices in the home network 100 a beyond reception and/or download ofcontent. For example, the broadband gateway 102 may be operable toprovide energy management in the home network 100 a, by controllingand/or adjusting configuration of one or more devices in the homenetwork to reduce power consumption for example. The broadband gateway102 may also provide emergency-related services in the home network 100a, including allowing first responders to provide alerts to a selectgroup of users by accessing the broadband gateway 102 via secure linksprovided by the service/content providers.

In various embodiments of the invention described herein, the broadbandgateway 102 may provide management of user confidential data. Exemplaryconfidential data may comprise financial or transactional information,and/or information that may be utilized in conjunction with healthcarerelated services and/or activities, such as medical records. Managementof user confidential data may comprise utilizing and/or incorporatingvarious techniques and/or means to secure storage of user confidentialdata, and/or to ensure that user confidential data is communicatedexternal to the home network 100 a in a secure manner. For example, auser associated with the broadband gateway 102 within the home network100 a may generate and/or update, via one or more of the home devices104 a-104 j, user related information. In this regard, users maycommunicate the user related information to the broadband gateway 102,using one or more of the home devices 104 a-104 j and a correspondingone or more the links 106 a-106 j. In some instances, the user relatedinformation may comprise confidential data, which users may desire toprotect against unauthorized, unintended and/or malicious, access and/orreception thereof. Accordingly, the broadband gateway 102 may beconfigured and/or utilized to control and/or manage storage and/orsharing of user confidential data, to guard against any suchunauthorized access or reception of user confidential data.

The user confidential data may be secured by, for example, encryptingthat information. In this regard, the broadband gateway 102 may beconfigured to perform the necessary encryption operations. Selection ofthe encryption algorithms may be performed autonomously by the broadbandgateway 102, and/or based on user input. Once encrypted, userconfidential data may not be accessed without using appropriatedecryption information. The decryption information may comprise, forexample, data identifying utilized encryption algorithm(s), and/or anynecessary encryption/decryption keys used therewith. Exemplaryencryption algorithms may comprise public-key based algorithms, such asRSA, symmetric key algorithms, such as Advanced Encryption Standard(AES), block ciphering based algorithms, such Data Encryption Standard(DES), and/or hash based algorithms, such as Secure Hash Algorithm(SHA). Users may maintain the decryption information, and may directlyprovide the decryption information when requested. The decryptioninformation may also be maintained in the broadband gateway 102, withusers controlling, wholly or partially, how and/or when the decryptioninformation may be provided. The decryption information may be providedas part of user authorization of confidential data access and/orreception. In one exemplary embodiment of the invention, the decryptioninformation may also be encrypted, using a different encryptionalgorithm, to further enhance protection of the user confidential data.

The broadband gateway 102 may be operable to provide secure storage ofuser confidential data. In this regard, the broadband gateway 102 maystore confidential data received from users serviced by the broadbandgateway 102 in the home network 100 a. The broadband gateway 102 maydirectly maintain the confidential data, that is, storing it directlywithin the broadband gateway 102. The broadband gateway 102 may alsostore the confidential data in a device coupled to the broadband gateway102, such as one of the home devices 104 a-104 j. For example, thebroadband gateway 102 may store the confidential data in the server 104d. In one embodiment of the invention, the broadband gateway 102 mayutilize distributed storage when storing the confidential data. In thisregard, the distributed storage of user confidential data may comprisesplitting and/or dividing the confidential data, via the broadbandgateway 102 for example, into a plurality of portions, which may bestored separately in multiple storage locations and/or devices.

The multiple storage locations and/or devices may be located within thehome network 100 a. For example, the broadband gateway 102 may split theconfidential data into two portions, which may then be stored in thelaptop computer 104 b and the server 104 d, respectively. One or more ofthe multiple storage locations and/or devices may also be locatedoutside the home network 100 a, however. In this regard, the broadbandgateway may communicate portions that are to be stored external storagelocation and/or devices via one of more of the plurality of differentbroadband connections 108. In instances where the confidential data maybe encrypted, the confidential data may be encrypted prior to itsstorage, and the confidential data, and/or any portions thereof, maythen be stored as encrypted data.

The broadband gateway 102 may also be operable to provide securecommunication and/or sharing of user confidential data outside the homenetwork 100 a. For example, in instances where use confidential datacomprise healthcare related information, users may desire to communicatethis information to healthcare providers for example, but only if thatis be done in a manner that may ensure that the communicated informationwould not be received, intercepted and/or otherwise accessed withoutauthorization, and/or by entities not intended to receive or access it.Accordingly, the broadband gateway 102 may utilize and/or incorporatevarious mechanisms to ensure that user confidential data is communicatedand/or shared securely. For example, the broadband gateway 102 mayutilize tracking based communication of confidential data. In thisregard, tags may be incorporated into network packets carrying theconfidential data, or into the confidential data itself, to enablingtracking communicated confidential as it traverses the network. Theincorporated tags may require, for example, alerting users associatedwith the communicated, every time the communicated confidential data isreceived and/or accessed for example. The tags may also require thatusers associated with the communicated confidential data acknowledge thereception of the alert messages. Furthermore, in instances where thecommunicated confidential data may be encrypted, acknowledgementresponses may also incorporate and/or carry the decryption informationnecessary to decrypt the confidential data.

In one embodiment of the invention, secure communication and/or sharingof user confidential data may also comprise use of mechanisms that mayensure that the communicated confidential data, and/or network packetscarrying that confidential data, may be rendered unusable under certainconditions. In this regard, the communicated confidential data, and/orthe network packets used during any such communication may be renderedunusable by deletion, decimation, corruption, and/or by making theminaccessible. For example, the broadband gateway 102 may utilize and/orincorporate timing and tracking parameters or tags into network packetscarrying the confidential data, and/or into the confidential data itselfto require deleting, decimating, corrupting, and/or rendering the datainaccessible. In this regard, the confidential data and/or the networkpackets carrying the confidential data may be deleted, decimated,corrupted, and/or rendered inaccessible, after traversing the networkfor a predetermined duration.

In one embodiment of the invention, secure communicate and/or sharing ofuser confidential data may also be achieved by utilizing distributedstorage of the confidential data. Dividing and/or splitting theconfidential data into a plurality of portions stored in multiplestorage locations and/or devices may ensure that unauthorized entitiesadvertently or maliciously receiving may only be able to obtain portionsof the confidential data. In this regard, only when users authorize thetransfer and/or sharing of the confidential data, intended recipientsmay be able to receive all the portions, and/or to aggregate theportions to obtain the confidential data. Furthermore, in instanceswhere the confidential data may be encrypted, the decryption informationnecessary to decrypt the confidential data may only be provided, by theuser and/or the broadband gateway 102, as part of user authorizationprocedure.

FIG. 2 is a block diagram illustrating an exemplary broadband gateway,in accordance with an embodiment of the invention. Referring to FIG. 2,there is shown a broadband gateway 200 that may be substantially similarto the broadband gateway 102 described above with respect to FIG. 1.

The broadband gateway 200 may comprise suitable logic, circuitry, code,and/or interfaces that may be operable to provide connectivity betweenone or more external networks, such as the distribution networks 110shown in FIG. 1, for example, and one or more devices in a home network,such as the home devices 104 a-104 j in the home network 100 a shown inFIG. 1. In this regard, the broadband gateway 200 may operate as aninterface device that allows one or more service providers 120 a-120 m,one or more content providers 130 a-130 k, and/or emergency serviceproviders 150, to interact with various devices in a home networkserviced by the broadband gateway 200, and/or among the home devicesthemselves within the serviced home network.

The broadband gateway 200 may interact with serviced devices in a homenetwork, such as the home network 100 a, via wired and/or wirelesscommunication links, to support communicating between the broadbandgateway 200 and the home devices, and/or among the home devices via thebroadband gateway 200. In this regard, the broadband gateway 200 maycomprise suitable hardware and/or software to provide some or all of thefunctions and/or operations of one or more of a modem, a router, and aswitch. The modem functions and/or operations may be those of a digitalsubscribed line (DSL) modem, a cable modem, or a wireless cable modem,for example. The router functions and/or operations may be those of awireless router, for example. The switch functions and/or operations maybe those of a network switch, or a local area network (LAN) switch, forexample. In some instances, the broadband gateway 200 may communicatewith the various devices in the home via more than one home network.

The broadband gateway 200 may comprise a plurality of modules, each ofwhich may comprise hardware, software, or a combination thereof that maybe utilized to perform various operations associated with the broadbandgateway 200. For example, in an embodiment of the invention, shown inFIG. 2, the broadband gateway 200 may comprise a processing subsystem202, a storage subsystem 204, a provider interfacing subsystem 210, anda client-network interfacing subsystem 220. In some instances, thebroadband gateway 200 may be such that the various modules listed abovemay be distributed over multiple devices. Moreover, the modules listedabove are provided by way of illustration and not of limitation. Otherconfigurations and/or architectures of the broadband gateway 200 may beimplemented. For example, the broadband gateway 200 may be a virtualgateway setup in a network by utilizing virtual machines (VMs) and/ornext-generation (NG) data centers.

The processing subsystem 202 may comprise suitable logic, circuitry,interfaces, and/or code that may be operable to process data receivedfrom the service and/or content providers and/or data received from oneor more devices in the home network 100 a. In this regard, theprocessing subsystem 202 may comprise one or more portions that aresuitable to handle certain types of data such as video data and/or audiodata, for example. The processing subsystem 202 may also be operable tocontrol and/or manage operations of the broadband gateway 200, and/orperforming tasks and/or applications therein. For example, theprocessing subsystem 202 may enable execution of applications, programsand/or code, which may be stored in the storage subsystem 204 forexample. In this regard, the processing subsystem 202 may be operable toconfigure and/or control operations of various components and/orsubsystems of the broadband gateway 200, and/or other devices managed byand/or connected to broadband gateway 200, by utilizing, for example,one or more control signals. The processing subsystem 202 may alsocontrol data transfers within the broadband gateway 200, in the courseof performing various applications and/or tasks for example. Theprocessing subsystem 202 may comprise, for example, a plurality ofprocessors, which may be general and/or specialized processors (e.g.CPU, video processors, and/or audio processors). While the processingsubsystem 202 is shown herein as a single block, the invention needs notbe so limited. Accordingly, in instances where the broadband gateway 200is implemented a distributed platform, some of the operations and/orfunctions described herein with regard to the processing subsystem 202may be performed by different components that may be located indifferent devices.

In an exemplary aspect of the invention, the processing subsystem 202may comprise a confidential data management module 206. In this regard,the confidential data management module 206 may comprise suitable logic,circuitry, interfaces, and/or code that may be operable to perform,control, and/or support management of users confidential data via thebroadband gateway 200, substantially as described with regard to FIG. 1.In this regard, the confidential data management module 206 may beoperable to control and/or manage encryption of user confidential data,secure storage of user confidential data, and/or secure communicationand/or sharing of user confidential data.

The storage subsystem 204 may comprise suitable logic, circuitry,interfaces, and/or code that may be operable to store data utilized inthe operations of the broadband gateway 200. In this regard, the storagesubsystem 204 may comprise one or more memory devices that may enablepermanent and/or non-permanent storage, buffering, and/or fetching ofdata, code and/or other information which may be used, consumed, and/orhandled in the broadband gateway 200. For example, the storage subsystem204 may be utilized to store configuration data, parameters, deviceinformation, tracking and/or monitoring information, securityinformation, and intermediate processing data, for example. The storagesubsystem 204 may comprise storage media integrated in the broadbandgateway 200 and/or one or more removable storage devices. The storagesubsystem 204 may comprise different memory technologies, including, forexample, read-only memory (ROM), random access memory (RAM), and/orFlash memory. In an exemplary aspect of the invention, the storagesubsystem 204 may be utilized to store confidential data managementrelated information and/or code, which may be utilized in conjunctionwith confidential data management related services provided by, and/oroperations performed by the broadband gateway 200, substantially asdescribed with regard to FIG. 1.

The provider interfacing subsystem 210 may comprise suitable logic,circuitry, interfaces, and/or code that may be operable to communicatedata via one or more physical layer connections 208 a-208 j, to one ormore corresponding network access service providers via the distributionnetworks 110 for example. The provider interfacing subsystem 210 may beoperable to support multiple communication protocols, standards, and/ordata transport technologies. In this regard, each of the physical layerconnections 208 a-208 j may connect the gateway 200 to different networkaccess service provider, and may comprise a wired, optical, or wirelessconnection. Each of the physical layer connections 208 a-208 j mayutilize different physical media and/or different physical layerprotocols. For example, the connection 208 a may comprise a DSL overtwisted-pair connection whereas and the connection 208 j may comprise aCATV over coaxial cable connection. Accordingly, the providerinterfacing subsystem 210 may enable accessing and/or communicating withone or more service providers 120 a-120 m and/or content providers 120a-120 m, via the distribution networks 110. The provider interfacingsubsystem 210 may also be utilized to communicate data to and/or fromthird parties. In this regard, the provider interfacing subsystem 210may enable gateway-to-gateway communication and/or interactions betweenthe broadband gateway 200 and communication devices located outside thehome network 100 a, directly and/or indirectly through distributionnetworks corresponding to one or more service providers. The providerinterfacing subsystem 210 may enable concurrently communicating withmultiple and/or different service/content providers and/or devices.

The client-network interfacing subsystem 220 may comprise suitablelogic, circuitry, interfaces, and/or code that may be operable to senddata to one or more devices in the home network serviced and/or managedby the broadband gateway, such as the home network 100 a. Theclient-network interfacing subsystem 220 may also be operable to receivedata from one or more devices in the home network 100 a. Theclient-network interfacing subsystem 220 may be operable to supportmultiple communication protocols, standards, and/or data transporttechnologies. For example, the client-network interfacing subsystem 220may support the links 106 a-106 j.

In operation, the broadband gateway 200 may be utilized as an interfacedevice that may interact with a plurality of devices in a home network,such as such as the devices 104 a-104 j in the home network 100 a,and/or may provide connectivity between the devices in the home networkand service and/or content providers. The broadband gateway 200 may alsointeract with a plurality of home devices in a home network, such as thedevices 104 a-104 j in the home network 100 a, using the client-networkinterfacing subsystem 220. In this regard, the client-networkinterfacing subsystem 220 may support use of one or more of the links106 a-106 j. Furthermore, the broadband gateway 200 may interact withone or more service providers 120 a-120 m via the provider interfacingsubsystem 210, to enable exchanging messages and/or content for example,via one or more of the distribution networks 110. Accordingly, thebroadband gateway 200 may enable and/or facilitate obtaining content(e.g. multimedia content) from one or more content providers 130 a-130k, wherein the content may be delivered through one or more servicesproviders 120 a-120 m. The broadband gateway 200 may distribute thereceived content to one or more of the plurality of home devices 104a-104 j, for content consumption, and/or may perform, directly via theprocessing subsystem 202 and/or indirectly utilizing other devicescommunicatively coupled to the broadband gateway 200, any processingand/or procedures (e.g. decryption and/or account validation) that maybe necessary to ensure that the content may be consumed by the homedevice(s).

The broadband gateway 200 may be operable to run or execute an agent toextract content, rating, copyright, language, privacy rules, andautomatically add user generated content, for example. Such agent may berun or executed in connection with the processing subsystem 202 of thebroadband gateway 200, for example. Furthermore, the broadband gateway200 may be operable to combine and/or blend multiple contents for use assingle content in the home network. Such combination may be performed inone or more of the modules of the broadband gateway 200. For example,the broadband gateway 200 may blend different video and audio contentsfor an event by accessing one or more service/content providers andproviding automatic and/or manual content synchronization.

The broadband gateway 200 may also provide various services and/or tasksbeyond, in addition to, and/or in conjunction with content delivery tohome devices. For example, the broadband gateway 200 may perform contentsearch, transport discovery, ranking, and/or sorting. In this regard,some operations may be performed based on content quality, price,quality-of-service (QoS), and network protocols supported by the devicesin the home network, such as service level agreements (SLAs), forexample.

The broadband gateway 200 may provide user interface services in thehome network. In this regard, the broadband gateway 200 may be operableto support user interfaces, and/or to generate and/or store datacorresponding thereto, which may be utilized to enable interactionsbetween the broadband gateway 200 and users, such as in the home network100 a for example. Exemplary user interfaces may comprise graphic userinterfaces (GUIs), which may enable visually displaying and/or providinginteraction with users, to provide visual interaction with customizedcontent for example. Information inputted and/or outputted using theuser interfaces may be stored in the broadband gateway 200, via thestorage subsystem 204 for example. The user interfaces may enableconfiguring the broadband gateway 200, and/or any applications and/orservices provided thereby, and/or may also be utilized to configureand/or adjust other devices in the home network 100 a. GUIs, and likeinterfaces, may be displayed using one or more devices coupled to thebroadband gateway 200. For example, interfaces generated and/or used bythe broadband gateway 200 may be displayed using the television 104 a.

The broadband gateway 200 may also be utilized to create, maintain,and/or update a plurality of profiles corresponding to users, devices,and/or services available in the home network 100 a. Furthermore, userinterfaces supported and/or used by the broadband gateway 200 may beutilized to enable displaying and/or modifying user, device, and/orservice profiles. Data corresponding to these profiles may be stored inthe storage subsystem 204 of the broadband gateway 200. For example,device-profiles may be utilized to store information associated withparticular devices that may be coupled to and/or serviced by thebroadband gateway 200. In this regard, device-profiles may be utilizedfor storage of information pertaining to device capabilities,limitations, requirements, and/or configuration parameters therefor.User-profiles may be utilize to store information associated withparticular users, such as setting preferences for various devices and/orservices that may be utilized by a particular user in conjunction withthe broadband gateway 200. The broadband gateway 200 may utilize userand/or home device profile information to, for example, select layeredvideo service(s) and/or transmission. In some instances, the programmingand/or enhanced video layers received by the broadband gateway 200 maybe aggregated midstream by one or more network or routing nodes.

The gateway functionality associated with a user, such as securityfeatures, preferences, applications, electronic programming guides(EPGs), and user profile, for example, may be ported from the broadbandgateway 200 to one or more other broadband gateways 200 in otherlocations. In some instances, a visitor may be allowed access to theircontent outside their service/content provider service area by, forexample, classifying the access level for different users and/or byproviding limited access to content. Moreover, the broadband gateway 200may allow multiple user interface software structures by, for example,standardizing an interface to service/content providers and devices inthe home network.

In various embodiments of the invention, the broadband gateway 200 mayprovide, via the user confidential data management module 206 forexample, management of user confidential data, substantially asdescribed with regard to FIG. 1, for example. In this regard, thebroadband gateway 200 may be configured and/or utilized to controland/or manage storage and/or sharing of user confidential data, to guardagainst any such unauthorized access or reception of user confidentialdata. The broadband gateway 200 may be operable to encrypt managed userconfidential data. In this regard, the user confidential data managementmodule 206 may be configured to select one or more encryptionalgorithms, and/or perform, via the processing subsystem 202 forexample, necessary encryption operations on managed user confidentialuser data based thereon, substantially as described with regard toFIG. 1. Once encrypted, user confidential data may not be accessedwithout using appropriate decryption information, which identifiedencryption algorithm(s) applied to the user confidential data, and/ormay provide parameters required to decrypt that data, such as decryptionkeys used therewith for example. In this regard, the user confidentialdata management module 206 may generate and/or update the decryptioninformation, and/or may maintain it, in the storage subsystem 204, forexample.

The broadband gateway 200 may provide, via the user confidential datamanagement module 206, secure storage of user confidential data,substantially as described with regard to FIG. 1. In this regard, thebroadband gateway 200 may store user confidential data received fromusers serviced by the broadband gateway 200. The broadband gateway 200may directly maintain the user confidential data, by storing it withinstorage subsystem 204 for example. The broadband gateway 200 may alsostore at least a portion of managed user confidential data in one ormore storage locations and/or devices which may be communicativelycoupled to the broadband gateway 200, substantially as described withregard to FIG. 1. In this regard, the broadband gateway 200 maycommunicate with the storage locations and/or devices via theclient-network interfacing subsystem 220 or the provider interfacingsubsystem 210, based on whether the storage locations and/or devices arelocated within the home network or outside it, respectively.

The broadband gateway 200 may also be operable to provide securecommunication and/or sharing of user confidential data, substantially asdescribed with regard to FIG. 1. In this regard, the broadband gateway200 may utilize and/or incorporate various mechanisms to ensure thatuser confidential data is communicated and/or shared securely. Forexample, the broadband gateway 200 may utilize, via the userconfidential data management module 206, tracking based communication ofuser confidential data. In this regard, the user confidential datamanagement module 206 may incorporate tags into network packets carryingthe user confidential data to enabling tracking communicatedconfidential as it traverses the network. The incorporated tags mayrequire, for example, alerting users associated with the communicated,every time the communicated user confidential data is received and/oraccessed for example, and/or may also require that users associated withthe communicated user confidential data acknowledge the reception of thealert messages.

Secure communication and/or sharing of user confidential data may alsocomprise use of mechanisms that ensure the communicated confidential maybecome unusable under certain conditions. In this regard, communicatedconfidential data, and/or the network packets utilized in communicatingthe confidential data, may be rendered unusable by means of deletion,decimation, corruption, and/or by making them inaccessible. For example,the user confidential data management module 206 may calculate orestimate a duration of communication, based on prior interactions withrequesting entities for example, and/or may incorporated timingparameters and/or tags the communicated confidential data, and/or intonetwork packets carrying the user confidential data, to cause deletion,decimation, and/or corruption, and/or rendering inaccessible thecommunicated confidential data and/or the network packets aftertraversing the network for the predetermined duration.

The broadband gateway 200 may also be operable to utilized distributedstorage of the user confidential data in conjunction with communicationand/or sharing of the user confidential data. In this regard, the userconfidential data may be stored as a plurality of portions, stored inmultiple storage locations and/or devices. Accordingly, only when usersauthorize communication and/or sharing of the user confidential data,does the broadband gateway 200 trigger communication of each of theportions, via the provider the provider interfacing subsystem 210 forexample, to enable aggregating the portions to obtain the userconfidential data. Furthermore, in instances where the user confidentialdata may be encrypted, the broadband gateway 200 may also communicatethe decryption information.

FIG. 3A is a block diagram illustrating an exemplary tracking basedsecure communication of user confidential data via a broadband gateway,in accordance with an embodiment of the invention. Referring to FIG. 3A,there is shown a home network 300, which may comprise a broadbandgateway 302 and a home device 304. Also shown in FIG. 3A is a pluralityof recipients 310 a-310 n.

The broadband gateway 302 may be similar to the broadband gateway 102,substantially as described with regard to FIGS. 1 and 2, and may beutilized similarly to service and/or manage the home network 300, whichmay be similar to the home network 100 a of FIG. 1. In this regard, thehome network 300 may comprise a plurality of home devices which may beserviced and/or managed by the broadband gateway 302, of which the homedevice 304 is shown. The home device 304 may be similar to one or moreof the home devices 104 a-104 j of FIG. 1. The home device 304 maycomprise, for example, a desktop computer or smartphone. The home device304 may communicate with the broadband gateway 302 via a link 306, whichmay be similar to one or more of the links 106 a-106 j of FIG. 1. Inthis regard, the link 306 may comprise, for example, a wired Ethernetlink, a wireless Ethernet link, a USB link, or an IEEE 1394 link. Thebroadband gateway 302 may be utilized to service a plurality of users inthe home network 300, of which user 308 is show. In this regard, theuser 308 may utilize the home device 304 to interact with the broadbandgateway, and/or to utilize services and/or applications provided by thebroadband gateway 302.

Each of the recipients 310 a-310 n may comprise suitable logic,circuitry, interfaces, and/or code that may be operable to communicateand/or interact with the broadband gateway 302, via the distributionnetworks 110 for example (not shown). In this regard, one or more of therecipients 310 a-310 n may correspond to entities providing certainservices, such as healthcare or financial services, and may communicatewith consumers and customers, using communication devices such ascomputers or servers for example, ///new sentence/// and may utilize theuser confidential data in conjunction with providing services tocorresponding customers. In this regard, the recipient 310 a maycorrespond to, for example, a financial institution, such as a bank,whereas the recipient 310 b may correspond to a healthcare provider,such as a hospital or a personal physician clinic. In some instances,however, the one or more of the recipients 310 a-310 n may correspond toan entity receiving user confidential data inadvertently, and/or seekingto obtain user confidential data in unauthorized manner, such as ahacker for example.

In operation, the broadband gateway 302 may be utilized to serviceand/or manage the home network 300, substantially as described withregard to FIG. 1 for example. In this regard, the broadband gateway 302may be utilized to provide management of confidential data associatedwith users in the home network 300, such as the user 308 for example.The broadband gateway 302 may receive user confidential data associatedwith the user 308, which may be provided by the user 308 using the homedevice 304, and then communicated to the broadband gateway 302 via thelink 306. The user confidential data may comprise financial information,which the user 308 may provide to financial service providers, such asthe recipient 310 a, and/or healthcare related information, which theuser 308 may provide to healthcare providers such as recipient 310 b.The broadband gateway 302 may encrypt the user confidential data,substantially as described with regard to FIGS. 1 and 2, to protect thatinformation in instances where it may be accessed by and/or communicatedby unintended and/or unauthorized recipient(s). In this regard, theconfidential data may only be utilized after it has been properlydecrypted, based on decryption information provided by, for example, theuser 308.

The broadband gateway 302 may ensure secure communication and/or sharingof user confidential data. For example, the broadband gateway 302 mayutilize tracking based mechanisms to ensure secure communication of userconfidential data associated with the user 308. In this regard, duringcommunication of user confidential data, the broadband gateway 302 mayincorporate tags into network packets carrying the confidential data, orinto the confidential data itself, to enable tracking communicatedconfidential as it traverses the network. The incorporated tags mayrequire each recipient 310 to transmit back to the broadband gateway 302an alert message 312 whenever that recipient receives a network packetcarrying the confidential data, or any portion thereof. The broadbandgateway 302 may then trigger a corresponding alert, which may becommunicated to the user 308 via the home device 304. The user 308 maythen authorize accessing of the user confidential data, using user inputprovided via the home device 304, which may be communicated to thebroadband gateway 302 via the link 306 for example. In turn, thebroadband gateway 302 may transmit an acknowledgement response 314authorizing access of the confidential data by the recipient that sentthe alert message 312. In one exemplary embodiment of the invention, thebroadband gateway 302 may be configured, based on user input forexample, to autonomously handle and/or respond to alert messages 312,based on predetermined criteria for example. For example, the user 308may specify that alert messages 312 b received from recipient 310 b maybe handled and/or responded to, by transmitting acknowledgment responses314 b, directly by the broadband gateway 302.

In instances where the confidential data is encrypted, the acknowledgeresponses 314 may also incorporate and/or carry decryption informationthat may be utilized to decrypt the confidential data. In this regard,the decryption information may identify, for example, the utilizedencryption algorithm, and/or may provide necessary decryptionparameters, such as decryption keys for example. The decryptioninformation may be provided by the user 308 as part of the user inputprovided in response to reception of the alert. The decryptioninformation may also be maintained in the broadband gateway 302, and mayonly be incorporated into the acknowledge response 314 based on userinput. Accordingly, in this manner, the acknowledgement responses 314may be utilized to bar access to confidential data when received by anunauthorized recipient. For example, in instances where the broadbandgateway 302 receives the alert message 314 n from the recipient 310 n,and the user decides to decline authorization of access to theconfidential data by the recipient 310, the access to the confidentialdata may be barred by omitting transmittal of a correspondingacknowledgement response 314.

In order to further secure communication of confidential data, thebroadband gateway 302 may also incorporate mechanisms that may enablerendering the confidential data unusable under certain conditions. Inthis regard, the broadband gateway 302 may utilized and/or incorporatedinto the confidential data, and/or into network packets carrying theconfidential data, various timing parameters that enable rendering theconfidential data and/or the network packets unusable. For example, ininstances where the confidential data is only intended for recipient 310b, the broadband gateway 302 may calculate and/or estimate a durationrequired for communicating the confidential data to the recipient 310 a,and may then incorporate timing tags that may enable deleting,decimating, corrupting and/or making the confidential data and/or thenetwork packets carrying the confidential data unusable after passage ofthat duration, such as before reaching the recipient 310 n for example.

FIG. 3B is a block diagram illustrating an exemplary distributed storageand secure communication of user confidential data via a broadbandgateway, in accordance with an embodiment of the invention. Referring toFIG. 3B, there is shown the home network 300 of FIG. 3A. Also shown inFIG. 3B is a plurality of storage devices 340 a-340 m and a requester350.

Each of the storage devices 340 a-340 m may comprise suitable logic,circuitry, interfaces, and/or code that may be operable to providepermanent and/or temporary storage of information, and/or fetching orretrieval thereof. The storage devices 340 a-340 m may also be operableto communicate and/or interact with the broadband gateway 302 and/or therequester 350, using wired, wireless, and/or optical connections forexample. One or more of the storage devices 340 a-340 m may be locatedoutside the home network 300. In one exemplary embodiment shown in FIG.3B, the storage device 340 a is located within the home network 300,whereas the remaining storage devices 340 b-340 m are located outsidethe home network 300.

The requester 350 may comprise an entity that may request userconfidential data which may be available via the broadband gateway 302.In this regard, the requester 350 may comprise suitable logic,circuitry, interfaces, and/or code that may be operable to communicateand/or interact with the broadband gateway 302, via the distributionnetworks 110 for example (not shown). The requester 350 may becorrespond to one or more of the recipients 310 a-310 n, substantiallyas described with regard to FIG. 3A for example. In this regard, therequester 350 may comprise an entity providing certain services, such ashealthcare or financial services, and which may utilize the userconfidential data in conjunction with providing services to thatparticular user. In some instances, however, the requester 350 maycorrespond to an entity seeking to obtain user confidential data inunauthorized manner.

In operation, the broadband gateway 302 may be operable to providesecure storage of user confidential data. In this regard, the broadbandgateway 302 may securely store confidential data associated with usersserviced by the broadband gateway 302 in the home network 300, such asthe user 308. The broadband gateway 302 may maintain the userconfidential data, by storing it directly within the broadband gateway302. The broadband gateway 302 may also store the user confidential datain a device coupled to the broadband gateway 302, such as one of thestorage devices 340 a-340 m. For example, the broadband gateway 302 maystore the confidential data in the storage devices 340 a. In oneembodiment of the invention, the broadband gateway 302 may utilizedistributed storage when storing user confidential data, substantiallyas describe with regard to FIG. 1. For example, the user 308 maygenerate some confidential data 320, using the home device 304, forexample. The user 308 may then communicate the user confidential data320 to the broadband gateway 302, using the home device 304 and the link306. To facilitate distributed storage of the user confidential data320, the broadband gateway 302 may split the user confidential data 320into a plurality of portions 322, comprising portions 1, 2, . . . , M,such that each of the plurality of portions 322 may be stored separatelyin one the plurality of storage devices 340 a-340 m. For example,portion 1 may be stored in the storage device 340 a, portion 2 may bestored in the storage device 340 b, . . . , and portion M may be storedin the storage device 340 m. In instances the, user confidential data320 may be encrypted before any partitioning. Accordingly, the pluralityof portions 322 may comprise portion of the encrypted user confidentialdata 320, and therefore, the original user confidential data 320 may beobtained only after aggregating the portions 1, 2, . . . , M; and thenapplying appropriate decryption.

The broadband gateway 302 may utilize the distributed storage describedherein to facilitate and/or support secure communication and/or sharingof the user confidential data 320. Partitioning the user confidentialdata 320 into the plurality of portions 322, and storing the pluralityof portions 322 separately thereafter, may protect against inadvertentor malicious access of the user confidential data 320 because any suchaccess would require obtaining all of the plurality of portions 322. Forexample, the requester 350 may send a request message 352 requesting theuser confidential data 320. The broadband gateway 302 may alert the user308, via the home device 304 for example. If the user 308 does notauthorize accessing the user confidential data, the requester 350 may bepreventing for obtaining that data even if the requester 350 managed toobtain some portions, such as portions 2 and M for example. In instanceswhere the user 308 may authorize access to the user confidential data320, by providing appropriate user input via the home device 304 forexample, the broadband gateway 302 may respond to the requester 350. Inthis regard, the broadband gateway 302 may trigger communication of aplurality of messages 354, comprising copies of the portions 1, 2, . . ., M, from the storage devices 340 a-340 m, respectively, to therequester 350. Once the requester 350 receives all of the portions 1, 2,. . . , M, the requester 350 may aggregate the portions to obtain theuser confidential data 320.

In instances where the user confidential data 320 is encrypted,decryption information which may be required to decrypt the confidentialdata may also be sent to the requester 350. For example, the broadbandgateway 302 may communicate a response message 356 carrying thedecryption information, for use decrypting plurality of portions 322.The decryption can be before or after aggregating the portions 1, 2, . .. , M. In this regard, the decryption information may identify, forexample, applied encryption algorithm(s), and/or necessary decryptionparameters used therewith, such as decryption keys for example.

The broadband gateway 302 may be configured, based on user inputprovided by the user 308 for example, to autonomously handle and/orrespond to request messages 352, based on predetermined criteria forexample. For example, the user 308 may specify that if the requester 350authenticates that it is a legitimate requester, for example the user'shealthcare provider or bank, the broadband gateway 302 may handlecommunication of the plurality of portions 322 and/or the decryptioninformation directly, and/or without user input.

FIG. 4A is a flow chart that illustrates exemplary steps for utilizing abroadband gateway to provide secure storage of user confidential data,in accordance with an embodiment of the invention. Referring to FIG. 4A,there is shown a flow chart 400 comprising a plurality of exemplarysteps that may be performed by a broadband gateway, such as thebroadband gateway 102, to provide secure storage of confidential dataassociated with users serviced by the broadband gateway 102 in a homenetwork, such as the home network 100 a.

In step 402, a broadband gateway, such as the broadband gateway 302, mayreceive data from a user, such as the user 308 in the home network 300.In step 404, a determination of whether the received data comprisesconfidential data may be performed. In instances where the received datadoes not comprise user confidential data, the plurality of exemplarysteps may terminate. Returning to step 404, in instances where thereceived data comprises user confidential data, the plurality ofexemplary steps may proceed to step 406. In step 406, a determination ofwhether to encrypt the user confidential data may be performed. Ininstances where no encryption of the user confidential data is required,the plurality of exemplary steps may skip directly to step 410.Returning to step 404, in instances where encryption of the userconfidential data is required, the plurality of exemplary steps mayproceed to step 408.

In step 408, encryption of the user confidential data may be performed.In this regard, the broadband gateway 302 may select and apply one ormore encryption algorithms to the received user confidential data,substantially as described with regard to FIG. 3A, for example. In step410, the user confidential data may be securely stored. In this regard,the broadband gateway 302 may store the user confidential data in singledevice or in distributed manner, substantially as described with regardto FIGS. 3A and 3B.

FIG. 4B is a flow chart that illustrates exemplary steps for utilizing abroadband gateway to provide secure communication and/or sharing of userconfidential data, in accordance with an embodiment of the invention.Referring to FIG. 4B, there is shown a flow chart 430 comprising aplurality of exemplary steps that may be performed by a broadbandgateway, such as the broadband gateway 102, to provide securecommunication and/or sharing of confidential data associated with usersserviced by the broadband gateway 102 in a home network, such as thehome network 100 a.

In step 432, a broadband gateway, such as the broadband gateway 302, mayreceive a request to provide user confidential data maintained in a homenetwork, such as the home network 300. In step 434, a determinationwhether communication and/or sharing of user confidential data isauthorized may be performed. In this regard, the authorization may bebased on, in whole or part, user input. In instances where communicationor sharing of user confidential data is not authorized, the plurality ofexemplary steps may terminate. Returning to step 434, in instances wherecommunication and/or sharing of user confidential data is authorized,the plurality of exemplary steps may proceed to step 436. In step 436,the broadband gateway may select one or more mechanisms for ensuringthat communication and/or sharing of user confidential data may be donein a secure manner. For example, the broadband gateway 302 may utilizetagging based tracking, incorporation of termination conditions, and/orutilization of distributed storage based transmissions to ensure securecommunication and/or sharing of user confidential data, substantially asdescribed with regard to FIGS. 3A and 3B. In step 438, the broadbandgateway 302 may communicate user confidential data, and/or may performnecessary steps/operations to ensure security of communication based onthe selected mechanisms. In this regard, the broadband gateway 302 mayensure that alert messages 312 are received and/or that acknowledgementresponses 314 are transmitted when utilizing tracking, for example.

Various embodiments of the invention may comprise a method and systemfor providing secure communication and/or sharing of personal data viabroadband gateway. the broadband gateway 302 may be utilized to manageconfidential data associated with the user 308 serviced by the broadbandgateway 302, in the home network 300, to protect the user confidentialdata against unauthorized access and/or reception. Management of userconfidential data may comprise encrypting the user confidential data,via the confidential data management module 206 for example, using oneor more encryption algorithms and/or protocols. The broadband gateway302 may provide decryption information corresponding to appliedencryption algorithms, such as when a request for user confidential datais received by the broadband gateway 302, and authorized by the user308.

Management of user confidential data may also comprise securingcommunication of the user confidential data during the management of theuser confidential data of the user. In this regard, communication of theuser confidential data may be secured by tracking the communicated userconfidential data, by incorporating tags into one or more networkpackets utilized during that communication. The tags may requirealerting the user, using alert messages 312 for example, and/oracknowledgment by the user, via acknowledgement responses 314, when oneor more of the network packets are received and/or when the userconfidential data is accessed during the secure communication.

Secure communication of user confidential data may also compriseincorporating one or more access control parameters into the userconfidential data the network packets utilized in carrying the userconfidential data, to enable rendering the user confidential data,and/or the network packets unusable when one or more conditions are metbased on the incorporated access control parameters. The userconfidential data and/or the network packets may be rendered unusable bymeans of deletion, decimation, corruption, and/or by making theminaccessible. The access control parameters may comprise various timingtags and/or parameters. The broadband gateway 302 may utilizedistributing storage of the user confidential data during management ofthe user confidential data. In this regard, the distributed storage ofuser confidential data may comprise dividing the user confidential data320 into the plurality of portions 322, and storing the plurality ofportions 322 in the plurality of storage devices 340 a-340 m. Use ofdistributed storage may be utilized to facilitate secure communicationof the user confidential data, by communicating the plurality ofportions from the plurality of storage devices 340 a-340 m when the userconfidential data is requested 352, by the requester 350 for example,only when communication of the plurality of portions 322 is authorized.Accordingly, the requester 350 may obtain the user confidential data 320by aggregating the communicated plurality of portions 354.

Other embodiments of the invention may provide a non-transitory computerreadable medium and/or storage medium, and/or a non-transitory machinereadable medium and/or storage medium, having stored thereon, a machinecode and/or a computer program having at least one code sectionexecutable by a machine and/or a computer, thereby causing the machineand/or computer to perform the steps as described herein for providingsecure communication and/or sharing of personal data via broadbandgateway.

Accordingly, the present invention may be realized in hardware,software, or a combination of hardware and software. The presentinvention may be realized in a centralized fashion in at least onecomputer system, or in a distributed fashion where different elementsare spread across several interconnected computer systems. Any kind ofcomputer system or other apparatus adapted for carrying out the methodsdescribed herein is suited. A typical combination of hardware andsoftware may be a general-purpose computer system with a computerprogram that, when being loaded and executed, controls the computersystem such that it carries out the methods described herein.

The present invention may also be embedded in a computer programproduct, which comprises all the features enabling the implementation ofthe methods described herein, and which when loaded in a computer systemis able to carry out these methods. Computer program in the presentcontext means any expression, in any language, code or notation, of aset of instructions intended to cause a system having an informationprocessing capability to perform a particular function either directlyor after either or both of the following: a) conversion to anotherlanguage, code or notation; b) reproduction in a different materialform.

While the present invention has been described with reference to certainembodiments, it will be understood by those skilled in the art thatvarious changes may be made and equivalents may be substituted withoutdeparting from the scope of the present invention. In addition, manymodifications may be made to adapt a particular situation or material tothe teachings of the present invention without departing from its scope.Therefore, it is intended that the present invention not be limited tothe particular embodiment disclosed, but that the present invention willinclude all embodiments falling within the scope of the appended claims.

1-20. (canceled)
 21. A broadband gateway within a local area network(LAN), the broadband gateway comprising: circuitry configured to receivea request for user confidential data from a requester that is outsidethe LAN; retrieve the user confidential data from a plurality of storagedevices within the LAN, the user confidential data having been dividedinto a plurality of portions and the plurality of portions stored amongthe plurality of storage devices; and transmit said user confidentialdata to said requester.
 22. The broadband gateway according to claim 21,wherein the circuitry is further configured to encrypt said userconfidential data, and the circuitry transmits said encryptedconfidential data to said requester.
 23. The broadband gateway accordingto claim 22, wherein the circuitry is further configured to provide, inresponse to an authorization of said request from the requester,decryption information associated with said encrypted user confidentialdata to the requester.
 24. The broadband gateway; according to claim 21,wherein the circuitry is further configured to aggregate the pluralityof portions to assemble the user confidential data.
 25. The broadbandgateway according to claim 21, wherein the circuitry is furtherconfigured to incorporate security tags into one or more network packetsincluding said user confidential data.
 26. The broadband gatewayaccording to claim 25, wherein said security tags alert said circuitrywhen said one or more network packets are received and/or when said userconfidential data is accessed.
 27. The broadband gateway according toclaim 21, wherein the circuitry transmits the user confidential data bytransmitting the plurality of portions of said user confidential data.28. A method, comprising: receiving, by circuitry within a local areanetwork (LAN), a request for user confidential data from a requesteroutside the LAN; retrieving, by the circuitry, the user confidentialdata from a plurality of storage devices within the LAN, the userconfidential data having been divided into a plurality of portions andthe plurality of portions stored among the plurality of storage devices;and transmitting, by the circuitry, said user confidential data to saidrequester.
 29. The method according to claim 28, further comprising:encrypting, by the circuitry, said user confidential data, wherein thetransmitting of the user confidential data includes transmitting theencrypted user confidential data.
 30. The method according to claim 29,further comprising providing, by the circuitry in response to anauthorization of said request from the requester, decryption informationassociated with said encrypted user confidential data to the requester.31. The method according to claim 28, further comprising aggregating, bythe circuitry, the plurality of portions to assemble the userconfidential data.
 32. The method according to claim 28, furthercomprising incorporating, by the circuitry, security tags into one ormore network packets including said user confidential data.
 33. Themethod according to claim 32, wherein said security tags alert saidbroadband gateway when said one or more network packets are receivedand/or when said user confidential data is accessed.
 34. The methodaccording to claim 28, wherein the transmitting of the user confidentialdata includes transmitting, by the circuitry, the plurality of portionsof said user confidential data.
 35. An apparatus, comprising: circuitrylocated within a local area network (LAN), the circuitry configured to:determine storage devices, within the LAN, where portions of userconfidential data are stored, the user confidential data having beendivided into a plurality of the portions; receive a request for userconfidential data from a requester outside the LAN; retrieve theplurality of portions of the user confidential data from the storagedevices; and trigger communication of the user confidential data to therequester.
 36. The apparatus according to claim 35, wherein thecircuitry is configured to aggregate the plurality of portions toassemble the user confidential data, and the user confidential data istransmitted to the requester.
 37. The apparatus according to claim 35,wherein the circuitry is configured to transmit the plurality ofportions of the user confidential data to the requester.
 38. Theapparatus according to claim 35, wherein the circuitry is furtherconfigured to encrypt the user confidential data, and provide, inresponse to an authorization of said request from the requester,decryption information associated with said encrypted user confidentialdata.
 39. The broadband gateway according to claim 35, wherein thecircuitry is configured to incorporate security tags into one or morenetwork packets including said user confidential data.
 40. The broadbandgateway according to claim 35, wherein the circuitry is configured totrigger the communication of the user confidential data to the requesterby transmitting the plurality of portions of the user confidential datato the requester.